\section{Security related Topics}
As described in section \ref{sec:bex},
public key operations are used in Base Exchange to generate Diffie-Hellman shared
keys, to sign the messages and to verify
signatures. According to \cite{hip_draft}, 
``HIP implementations MUST support the Rivest Shamir Adelman (RSA/SHA1)
public key algorithm, and SHOULD support the
Digital Signature Algorithm (DSA) algorithm''. 
The HIPL implementation supports both the RSA and the DSA algorithm.

The description given here is not intended to be even a brief introduction
of cryptography and security. Instead, we assume that the readers are familiar with 
the basic concept
of symmetrical and asymmetrical encryption.
Basically in the symmetrical encryption, a secrete key is shared by the
communication peers for both encryption and decryption. In the
asymmetrical encryption, there is a pair of keys, one public key 
for encryption, and another private key for decryption which must be kept
secret.
For details please refer 
\cite{HAC} or \cite{intro_crypto}.

We introduce here some selected points in security which are important
for the design and implementation of our model.
\subsection{Signature Size of DSA and RSA}\label{sec:key_length}
\subsubsection{The RSA signature}
As described in \cite{HAC}, digital signatures of RSA can be achieved by
applying the encryption algorithm using the user's private key. 
HIP follows the specification about RSA signature of RFC 3110
\cite{rfc3110}. According to the document, the signature of RSA algorithm is
calculated as follows:
\begin{gather*}
\text{signature} = (01|\text{FF*}|00|\text{prefix}|\text{hash})^ e (\text{mod}\, n)
\end{gather*}
where the hash is the hash value gained by applying the SHA hash 
algorithm to the data to be signed. According to the explanation of RFC 3110 , 
``01, FF, and 00
are fixed octets of the corresponding hexadecimal value. prefix is
the ASN.1 BER SHA1 algorithm designator prefix required in PKCS1
as defined in RFC 2437. The FF octet MUST be repeated the maximum
number of times such that the value of the quantity being
exponentiated is one octet shorter than the value of $n$''.
$e$ is the
private key of the signer, $n$ is the modulus of the singer's public key,
known as the key length of the RSA algorithm. Thus, the signature has the
same size as the RSA key length.

\subsubsection{The DSA signature}
The Digital Signature Algorithm (DSA) is a signature algorithm proposed by
the U.S. National Institute of Standards and Technology. The DSA algorithm
is standardized by the U.S. Federal Information Processing Standard (FIPS
186)\cite{fips186-2} which is called  \emph{Digital Signature
Standard}(DSS). The DSA algorithm is a variant of the ElGamal scheme \cite{HAC}.

HIP follows the specification of the DSA signature of RFC 2536
\cite{rfc2536}. According to that, a DSA-signature 
has the double size of the hash value used to be signed. In DSA
with 1024 bits key length, the hash algorithm used is SHA1 with an output
length of 160 bits.  
Thus the size of
DSA signature is 40 bytes which is  much smaller than the RSA signatures\footnote{In the
draft of the third revision to the DSA specification \cite{fips186-3}, the signature size
using keys of 2048 bits is $(224 * 2)/8 = 56$ bytes, and for keys with length of
3072 bits, the signature size is $(256 *2)/8 = 64$ bytes}.
\subsection{RADIUS, WPA, Certificate, SSL, SSH}
In this section, we introduce some protocols and technologies used to
provide security for wireless networks.
\subsubsection{RADIUS}
RADIUS (Remote Authentication Dial-In User Service) is an authentication
protocol which is used by an authenticator (for example an access point)
to authenticate a dial-in user
with a central server. By using RADIUS, a centralized user profile database
can be established which can be shared by all authenticators, and thus
features like user
accounting and roaming are possible. RADIUS is
defined  in RFC 2138 \cite{rfc2138} and acts as the de facto industrial 
standard
for authentication, authorization and accounting in network deployment.
\subsubsection{WPA (WPA2)}
Wi-Fi Protected Access (WPA) is a security standard for wireless networks.  
It was designed to combat the serious security weakness in the previous
standard, the Wired Equivalent Privacy (WEP).

WPA uses more sophisticated encryption algorithm than WEP and provides user
authentication together with a RADIUS server. For encryption,  each user 
gets different
keys. For home user, WPA's
authentication and encryption can be triggered by a pre-shared key (PSK).

WPA was created by the Wi-Fi Alliance as a security standard prior to the
IEEE 802.11i standard was finished. The WPA2 is based on the final draft of
the IEEE 802.11i standard.


\subsubsection{Certificate}
A certificate in context of public key encryption is an electronical
document which binds a public key to an identity. A
certificate should be issued by a Certificate Authority (CA) which every party
in the communication trusts. Typically, a certificate contains the name of
the entity (subject) to whom the certificate is issued, valid time,
algorithm used for signature and the public key of the subject. A CA must
verify the identity in a rigorous way so that with the public key of the
CA, other parties can verify that the public key belongs to the
subject. 

There are many standards of certificates, both from the ITU and from the
ITEF. The X.509 certificate \cite{x509} from ITU is the most common
certificate standard.

\subsubsection{SSL}
The Secure Sockets Layer (SSL) and its successor Transport Layer Security
(TLS) are cryptographic protocols that provide security on the transport
layer. The SSL and TLS are not compatible, but the protocol
basically remains the same.

SSL is often used to secure data transmission by separate applications. The
client and the server like a web server start a handshake procedure to
establish a secure connection. It is mandatory that the server must be
equipped with a valid certificate and if necessary, the client may also be
required to use a certificate to authenticate himself. After the
negotiation, the client trusts the server and a secure SSL session exists between
the two applications between server and the client. 

\subsubsection{SSH}
The Secure Shell, or SSH, is a network protocol which is used primarily to
establish a secure channel between two computers. It uses public key for 
authentication and negotiated symmetric key for encryption. 
Since it also supports
tunneling, TCP port forwarding and X11 connection, it can be also used for
secure an Internet connection in an insecure network.
